Manual:Switch Router

Contents

Many MikroTik's devices come with a built-in switch chip that can be used to greatly improve overall throughput when configured properly. Devices with a switch chip can be used as a router and a switch at the same time, this gives you the possibility to use a single device instead of multiple devices for your network.

Switch-router topology

Warning: Not all devices are designed to handle large amounts of traffic through the CPU, for this reason be very careful when designing your network since large amounts of traffic that are passing through the CPU will overload it. Functions that depend on the CPU (for example, NAT and DHCP) will not work properly when the CPU is overloaded.

Note: This guide is meant for devices that have a switch chip and are capable of using the switch chip's VLAN table, make sure that your device has hardware support for this feature, feature list per switch chip can be found here. For CRS series devices you should check the CRS Router guide, this guide should be used for devices that don't have a built-in switch chip as well (should be configured like CRS3xx series switches).

Port switching

For this type of setup to work, you must switch all required ports together:

Note: By default, the bridge interface is configured with protocol-mode set to rstp. For some devices, this can disable hardware offloading because specific switch chips do not support this feature. See the Bridge Hardware Offloading section with supported features.

DHCP and NAT

Create a VLAN interface for each VLAN ID and assign an IP address on it:

Isolated VLANs

In case your devices has a rule table, then you can limit access between VLANs on a hardware level. As soon as you add an IP address on the VLAN interface you enable interVLAN routing, but this can be limited on a hardware level yet preserving DHCP Server and other router related services' functionality. To do so, use these ACL rules: